1

I am using the postgres docker image to create a local database for development. A feature of the image is that any shell scripts in a directory will be run on startup, I use this to setup my schema and users. Everything is working great for creating my schema and user with full access to it, however when I create a read only user things don't seem to work. The script appears to suddenly stop without granting the read only access I request. Its not a syntax issue because I can use psql to connect to the database and copy paste the commands which works perfectly.

The shell script that runs any sql files in the directory, only one for now.

for sql in /docker-entrypoint-initdb.d/*.sql
do
    gosu postgres postgres --single < $sql
done

The actual sql file that gets run (connection details redacted)

-- Main user with full access to its schema
CREATE SCHEMA s;
CREATE USER u PASSWORD 'p';
GRANT ALL ON SCHEMA s TO u;
GRANT ALL ON ALL TABLES IN SCHEMA s TO u;


-- Readonly user
CREATE USER readonly PASSWORD 'r';

-- THE FOLLOWING DOESN'T SEEM TO RUN
-- Allows read on everything in schema s
GRANT USAGE ON SCHEMA s TO readonly;
GRANT SELECT ON ALL TABLES IN SCHEMA s TO readonly;

Its those last two commands that don't seem to run. I can connect with the user 'readonly' but will get permission errors on schema 's' until I use psql to re-run the last two commands on the database.

The logs contain no errors or warnings

Improve this question
4
  • that is really weird. can you exec into that image and run gosu postgres postgres --single < /docker-entrypoint-initdb.d/*.sql ? Do the logs of the postgres appear in the docker logs image output? Commented Mar 25, 2015 at 13:38
  • Yes the logs from postgres appear with docker logs. I can see the database start up and I can see the database being altered, but there are no errors or signs of issues. I tried running exec on the container to re-run the file, but it gives me an error saying "lock file "postmaster.pid" already exists" Commented Mar 25, 2015 at 14:18
  • 1
    maybe you could exec in with bash, shutdown the postmaster, then try to run the script? maybe the problem is with single user mode? i went and looked at my db startup scripts, i use multi user mode to 'init' database in docker. this is interesting... stackoverflow.com/questions/28244869/… Commented Mar 25, 2015 at 15:07
  • Thanks for that link to the other question. It seems like the real problem is that while they suggest using single user mode it doesn't actually work in practice. I have a psql wrapper I use for running scripts on remote servers, I've modified it to fit my needs for a local server Commented Mar 25, 2015 at 16:42

1 Answer 1

Reset to default
1

it just occurred to me while typing this answer is your postgres --single command line does not reference a database. Is it possible that the schema setting is happening in the 'postgres' database, when you really want it in your target database!?! Anyway, from the referenced SO answer it might be a good idea to do this setup in multiuser mode. I'd do that something like this:

echo "Starting PostgreSQL server..."
/etc/init.d/postgresql start

for sql in /docker-entrypoint-initdb.d/*.sql
do
    gosu postgres psql -Upostgres -h $(hostname -i) -f ${sql} ${DB_NAME}
done

echo "Done with initialization ... database "$DB_NAME" is ready to use"

/etc/init.d/postgresql stop

of course you have to worry about the pg_hba access methods here. In my environment, I am trusting the connection from the private ip address, YMMV. -g

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

You're right, while they suggest using single user mode in the docker container its not a viable solution. I have a script that I use to bulk run sql scripts against a server and I've modified it to handle single scripts against my development database better.
Did you consider that the grant on the readonly user was in the wrong database?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.